Cellular Network Attacks

A few websites have been running a story today on an upcoming attack announcement/demo in next week black hat conference.

Instead of targeting the OS or a specific app, that attack would target bugs directly in a component used to send and receive calls, a baseband chip. Although technically it is still a software attack, the code used to control that chip, it would bypass any security measures in place at the OS level, and would especially be out of Apple/Google control. Such attack could be used to intercept calls or spy on a phone user by activating its phone microphone…

But then surely you would also need to find a bug in the microphone chip? Or elevate your privilege at the OS level from the baseband chip bug?Anyway, eavesdropping on calls would at least be possible.

What makes this news interesting is both that duplicating a cell tower is becoming easier/cheaper (about $2k) and that you can’t secure and control everything, even in close systems such as iOS devices. Until they start manufacturing every single component, phone manufacturers will have to rely on a multitude of other vendors; all with different security agendas.

Now, if I was working for a security state agency I would invest in some key communication component companies… As hacking is becoming more and more lucrative/political, how long until the “bad guys” start thinking alike… but then you would call me paranoid ;)